Ticket #530 (new defect)

Opened 12 years ago

Last modified 10 years ago

su/sudo shouldn't break if you lose network

Reported by: geofft Owned by:
Priority: normal Milestone: The Distant Future
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description

It is kind of annoying that you cannot become root on a -workstation/-cluster machine if you lose network (in case you needed root access to be able to restore your network connectivity).

I think this is mainly due to losing name service information. The obvious solution is nscd, but that has its own set of problems with nss_nonlocal. Possibly #486 will address this, but I'd like to not wait until we do that development work _and_ switch to LDAP to solve this, if possible.

I don't know if there's anything other than NSS that it's trying to fetch from the network.

Change History

comment:1 Changed 11 years ago by jdreed

  • Milestone set to The Distant Future

comment:2 Changed 10 years ago by geofft

On the possibly-bad-ideas list is pam_ccreds, which implements the Windows-and-Active-Directory-style solution of caching your password locally for some time so you don't need to go back to the KDC (unless you change your password or something, in which case it falls through and calls pam_krb5).

comment:3 Changed 10 years ago by geofft

Hm, that only helps PAM, not NSS, and I think NSS is the real problem here.

Note: See TracTickets for help on using tickets.